Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Naughty Norton: Symantec Fixes Flaw in Security Software



 By: Brian Prince
2007-05-17
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
The security vendor has patched a buffer overflow vulnerability that could allow an attacker to remotely execute malicious code.

Symantec has fixed a serious vulnerability with an ActiveX control used by Norton Personal Firewall 2004 and Norton Internet Security 2004 that could allow a hacker to execute code remotely on a vulnerable system.

According to Symantec officials, the company was notified of the problem by US-CERT. A buffer overflow can be triggered by an error that occurs in the Get () and Set () functions used by ISAlertDataCOM, part of ISLALERT.DLL. Successfully exploiting this vulnerability would allow an attacker to remotely execute malicious code on an unpatched system and give them the rights of the logged-in user, Symantec officials said.

Resource Library:
Click here to read more about Symantec taking on alleged counterfeiters.

In order for an exploit to work, however, the hacker must first trick the user into viewing a specially crafted HTML document. As noted in the advisory, such attacks frequently begin with an e-mail containing a link to the malicious site that is meant to entice the user.

"Symantec product engineers have determined that the issue affects Norton Personal Firewall and Norton Internet Security 2004 only," the advisory states. "Product updates to correct the problem are available through LiveUpdate."

Though the company lists the threat as medium, it is rated highly critical by Secunia. Symantec officials said they are not aware of any customers impacted by the flaw, or any attempts to exploit it, and recommend users keep their patches up to date. A plug for the security hole can be obtained through Symantecs LiveUpdate feature.

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.



  Reader Comments: Naughty Norton: Symantec Fixes Flaw in Security Software
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Brian Prince
 


x}r㶲s\@♵M푦d[kŶ,xMT(S$IVreoВ/3mFwh4#ogD]ݴ1p͙M55|zg`HRsgޅ-34 @oRQP ĠxnwݶN`P'~ > \?g3U;Y|R(áh] ]( ѼeMGQR`F Cw*Nul9 Q)+X^DP~FDM:ǎ-4rwN̚0/PcwҴdh-vu=yͨ /B1r!f-{4ɿTݱ[ L=iLVG;%0ýtf?Dk> NZ] ZSˆ辥{$)5< \g4QL1H6}~8IZ QK68Q+)Kk0~b[4I܃N8CEnOU[۾twgy@ffrt˜HJ&ԃ C(p}=\'BL|:j/Eӝfؖq[th(V*Z]QKru_):+{1كS who~wTUMSe@B mݹжF^׵Cq9}r>?'7;A:@o&1`ZLTQRpf Rc@G,{/B oVqW-hZIAvina[E4b™EU}dN"?[ڗu&u}Y6f0ZiCA+WtW?#;ˠjqszr|qӹhr Q@e)#8?݇IhJq䨉kYSl؅ R揇o4'~ަ,-|y"brݠHPs>Χ+foF"> 23yB(&pHqb&μbO૖yp!jY[6'jtamI՘i3_ӲKwqnUO^ S3G#вnZs榣V'cW*P\?,Ëʾb(7ZdL,5,{Lt차Y8`;}JwϧԴfPwH<: M/G˥yf1@ Lna 8 V8; u#uә=W45(h`GI l"&q3)к`oa2àF{7t( ,/G`\@48`$8ʼ E]uCb賀B=`Mtև &SsfPB<JdN˕ }"@F>H>'!hI#r Bг,`@o%`9`P ar T<ʦBICvn2V{TKh!+K@fsfd(4{~4 cbB|#'fXr`Y \d+|i)lb ը6؛ri:|:ioB{4 0sҺ<,$-XLcF0pq!4ӇiЈ4XĽǦ笳5SN`cܒn̜07ÚL ~Dg詅m>`T4fs)wdmrn)RЛvs9n$!+xWY 2gdRUyqtʝ+PXY3n2>=MO5XScX`D~wzb0qm/n)NaV|\v\g˺z+fYT]۽/ 7JeO]օVP+= K rL%kZԕ1%/D4$"] `}.EOqHLl-~6pZ#nP jrIj#SVhVK^Me+ L 4 op*7`bB0 OaNcy6tAz{fl.>q *l|2ː 7q'JkX"lM M=t%<42.|O\V,'0sgеSҝa|ia;m/ eKKXQ>Om V!҇DD+ه0`,E=_GMR^ z0iTW+JIUӤck@Lf2,rGmAu،;s<}Zj\X,>9R>5 < đOT׃RUaT(j];12­q͝a&1 DR)Ö1Swhi'T'/咢TSАah"pHEAxZkhp\@U.)L-9Hz  [ hg [QznSCz+n `RI?I BL!2B3ݧ==1g匬~`" dRPZUU+òZp~W`q,(xO?b5xh/Op{/Ne6ZPz;ܦ[pK9s㓏Sp c.# ,c` $̮fG`ã R)P^Cs2](:h3 siﭢz8_n?:!/ɘVIaۂf28ʇF18= [ ٔ|{.J 5:߼=Fh=Эt;Gq;Y qLϡRB7PU ōfπiNdž m}  m_ۯ `EOwDF3۝>S"s8ߊIUfS΁MOT%0=@" c]f.g|]~oLQXGVUe@5yJ1k % =EZЋvcSLJ.]ITY)(q g@Vf2U+WkU"m=,N =X Z=4~ z|IcEi\kxk(OU?2:i1RʵRM()CoED\vOJ9 ^M lZKqXCKkp= -2j=uR/̖ K%4e%3E/-9@Xe!eO.lWJ_0]HX9H(P+ YGۻBlpI75 ),3>&L{~;Atf; {Hڝg8 ^x;,5.H˓Hݏ'R&Fø@o9)P K1CE1>dt߫]=+coZ''5a=;oF"^9 us)d}=^xsٖҽNWs5A DH·䄬W!yۭFS̠o2XGz0<㥑a3+"APK}͙b9ki.Dz=t_5g0T p- ۵}g#0 V`!w1t|PVC (ʡ=`=`V鈓N9>\bϻ$VB 0F_Th)4zuSxv>^8Sj7 EGW%'K; u{-:}mFџ`m e܃*WVz[k't>!94|YQ$ rF1xc|.A-6ԾN9 4sJd":Q%;)~ڰOCT䵴f[YUHO~D!qbwyAH0GW倜b{~T߯Il;up=q"?h9#7:NjG/sy"O+:Q ,':]@_zϜGoIM21ɘKԍ A/h9GQ r0&xf&4NlEwy'("KxQESrc]O}0]vYy{ho&})s'AuhaJwfim6Ş`4 ݣovV:}i?vݷ;޽s¾"CWq :i)`* 94XhHn X"2NIJa'>8zdM#}ݾJfyӼ4hɘAhl7B_7nC]`l]s!T xBo~ˤaW*]c{*{w}wo]VZtC.qB1Vd/)&%ϓE L OKt1ڬ/ۥ{H?vV5BĬxBw/MLL(9c6P;?tl9;OݱٴꗦV{Éƾ? B_<5d{s#r{2$#ٽ% w/W8Sa (%1wcշhp'`@‚cוox ,BMm9x'Cq$ܠe!6X1*i׊o9Y3 /OeKZ<:,ʰ3^-$B^#M\`"\*i?3M4kg:&%38*8'bS&6K* /9NVJ.x,גrLePJd^I?xxE ^\Uk{‚K~^J{i"֤[cDHk.rVL,,MU++PxvM.d ~d0 %yg/3> -QnnWC^^Xv}J:wv=f[T># d s!|M{cXVwŹF:,m0Y]X"`k=܂H/./Lu@^ېJ/oG@Tԓ>zkJI^#G+Q$[Oa|Ɔc 6cre`t$jq;m\0R.,:c{,B>a)B`\x}Dj>Ɔ Xyis%otX5.UDUkH4bw@#!yXg2W#\|V t0 N  u]Lg;2(P {r闶Qp}Kȼ s-^NړYİO:~?WI-5>ZG ^b+\ B,6aD٭ȡ-bB1ʵm <߉!,tZ4 Ơm!2~j*bdFyAx!Fv;;Kb+6Q{$Ip+jj5rA^y*1ckzzD,?t"RVЮ(> jl?QX2Lzm/+iyp\KG6qΌ"F$drˏ".]sIjʾZr~^ :XuV%d˘x'VH=Қ0&^OE*ނ0H>PS!cE UH+4h cHq5&@ mNhCy?Vz^3Zk]X;Xifyj+n-浻3xb(ͪNTB`h}ؓRccnHu,ŵ7"; ]lkTp*Bק6:F̽O%LD0K*;JJEV^SUqqݗǮ5*>5BYQ$nb*Z.1XV3P}ӂ"Z{2ֱ:r敊V.իۺoIt=\*!EL|ŚRF ,kG *& < z p'%<z1W-vgq]A/Ԯ}q=EbWD[0K{EMF^[C5Xt:u_ai;t]kt+ 3>нg3B;w^?r}sι}?aeY 'xfVVTm}qV.R)q<ə莥ryNNt G Ki~RJHuTW"Yu?lgު zJ =0]LnUh5%MF(hdtiύ)<1^+@ZBB(YYv' o.'>Wov/>VHՕݷod}ext쀯J":r[\p֦!pfoV04#wAG>p<|SR=U%=܁hpqـjcEl~%:td6ɝ;&&s?f\NL_ _߰,VIm{d72[ EꊍBLS{5" p779l~V Yܝ aT f/F$'"!a&Kb\W\AxA; #x7tX$l9e1q1U?fC7,> l  \Zp4pLF}eOWJƈ\氟aHp=S-/ȘhD MQ VHxLirtv$%"&Ls6@@Pl~UWN n#BLk43DDc^r {fĔ~%?š{Ss%zH"V|8snj|J"r΢ X_$ FK tQ:..( oIYPXP؟SeKM)Qw3a/x a 3 s`EPf00a|LoS0lOpW'ACj1|`b\]:ovN5j' P=:YX6Bj@̐0(ˏIJ uXZFB(s ֦:Hou7@F`p3W VjMDO"ӁRs]j%u_]5YU^&*_Ӕ^*BI] / (HZ W{}GCHIPk;9&zh]]&k"6}<_w%9jwooW[u{{sپ\ Sˇ2f&SRo4eš6u\ «1.ys9,tG_0}4e8v'Q?B)Qe3ʋ qW~4ab ^)o\{=-ZI YW'>;ȱkhw >r:X)` чFIc r!>}ҽlIJ/΁ss_rʯz}q 8SޅnN9rz} झS~ O>9NyY_9)4;'9пNN?ӹ)wrsS?/?9ak^ȃȡ">E9yyß(9_~O9gP~S(GN_^%e\]_O7GtAtsU\W9_\O{99k}G௏9 ?~rC(+h&࿛Ku3Ay+GZWpz~;29)G9R{WKӜ}(gUsVnVa{CjgU_/Gޫ@Isu=I+ťfW*7yKxM}%k{[Z1iu}חG{1*,xW&  )htVydSrbye?VRRw;]Cڤ\j.{]W[O'ikz(#s<2g!h{U26#{"cN9|,y|8SNt7<1 }^1 B8 vt{zUtKn \ xk %> #r75inŭxg?9/ydֺWWVF+p'k͠~%k"N^[x9c6Dz{_,mBfh0l|y Nd@?o9Xj,.#v2QW!+<$ŝ+f4kc5;tp) ?`-kD2Ydpc l$5tgi[Lr,eށzxM&V=ȁF=CY%x-ꞠW_{ hJ/.ݳxYKQ,Vk 5t0@2nu–1*F'B;^\ǽ\$'[`>sdJ9=bՇ.ެ" 8luy9M"r* ŃI`a\m8NƋI8q0>AZ/`51ⲅפpDy% fB~.' V@U}ÈC 1*{ԟ1PDY/u[Y{qDz&zU x$.7=j"1: gC“J'Z~{[o\D)R%:V*Oe[BI<ŗM\4Xl=$y1|t,G巧gS%^Πo'b_ws7eQ&PLŽc)JqIȥIG[=$sDJrE)ߠ(b/<% *`>.X&">m<'6}Fu;H "@"drtPŗ-;waSF)f'VFp)hFN<}u<٢uKğ?X \ cwH V&K0Su ѫv>cx LŹ65Tc *|?OGe Lt8͡o0kn>7q$LsizQڃ`+슧q?d|E#bSp!@pM62QTĻ Q)ۉYj%xd휙/'mrxsMu@DqLgHvxGml<^:yl뎮E{OfuݎüжJWt{]!Kb C>`mR>ǔK ]'[٧3й?-Rן/e[͌/U_X (K# LwEN8u vKѪ v7"aa^o1n,$&@Ss=Vcm;pSz2 Qm`-N \70(g|Ntu ۊ|Va=rksbcΜ6 *χŀOm޾^f#9uVRdGB~DdaܐdZ-*?҂g' Q\F$30(y l+m5G0X1+ (R9(t>0 'Ɣ ϰ"- s+׶9),cכU .^3Ơ`{e75SF o/]S,{ٗN[<|;XYt0y']f*FRqOR||8(>woh-/=jD*(Ksӽ>igA0}Us!]/uM+_0dF-<#DYfCժZ-Nj|ӷۊ#iQg8&rYOrѥ;7 D^4†mJPU&s)c MW\e\)MCS9U2;V&|&Z2cˤ_ lS;'